chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
actions/checkout	action	minor	v3.1.0 -> v3.6.0
actions/upload-artifact	action	patch	v3.1.0 -> v3.1.3
github.com/goccy/go-yaml	require	minor	v1.9.2 -> v1.11.2
github/codeql-action	action	minor	v2.2.4 -> v2.22.11
ossf/scorecard-action	action	minor	v2.1.2 -> v2.3.1

---

Release Notes

actions/checkout (actions/checkout)

v3.6.0

Compare Source

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

Compare Source

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

Compare Source

• Fix api endpoint for GHES

v3.5.1

Compare Source

• Fix slow checkout on Windows

v3.5.0

Compare Source

• Add new public key for known_hosts

v3.4.0

Compare Source

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

Compare Source

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• Fix comment typos (that got added in #​770)

v3.2.0

Compare Source

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

actions/upload-artifact (actions/upload-artifact)

v3.1.3

Compare Source

What's Changed

• chore(github): remove trailing whitespaces by @​ljmf00 in https://github.com/actions/upload-artifact/pull/313
• Bump @​actions/artifact version to v1.1.2 by @​bethanyj28 in https://github.com/actions/upload-artifact/pull/436

Full Changelog: actions/upload-artifact@v3...v3.1.3

v3.1.2

Compare Source

• Update all @actions/* NPM packages to their latest versions- #​374
• Update all dev dependencies to their most recent versions - #​375

v3.1.1

Compare Source

• Update actions/core package to latest version to remove set-output deprecation warning #​351

goccy/go-yaml (github.com/goccy/go-yaml)

v1.11.2: 1.11.2

Compare Source

What's Changed

• Fix handle of space at start or last by @​ozraru in https://github.com/goccy/go-yaml/pull/376
• Fix quoted comments by @​WillAbides in https://github.com/goccy/go-yaml/pull/370
• Fix sequence with comment by @​goccy in https://github.com/goccy/go-yaml/pull/390
• bump actions/checkout v4 by @​shogo82148 in https://github.com/goccy/go-yaml/pull/391
• add Go 1.21 to the build matrix by @​shogo82148 in https://github.com/goccy/go-yaml/pull/392
• apply go fmt with Go 1.21 by @​shogo82148 in https://github.com/goccy/go-yaml/pull/394
• bump actions/setup-go v4 by @​shogo82148 in https://github.com/goccy/go-yaml/pull/393

New Contributors

• @​WillAbides made their first contribution in https://github.com/goccy/go-yaml/pull/370
• @​shogo82148 made their first contribution in https://github.com/goccy/go-yaml/pull/391

Full Changelog: goccy/go-yaml@v1.11.1...v1.11.2

v1.11.1: 1.11.1

Compare Source

What's Changed

• Handle \r in a double-quoted string the same as \n by @​k1LoW in https://github.com/goccy/go-yaml/pull/372
• chore: replace loop with n.Values = append(n.Values, target.Values...) by @​testwill in https://github.com/goccy/go-yaml/pull/380
• fix: skip encoding an inline field if it is null by @​zoncoen in https://github.com/goccy/go-yaml/pull/386
• Fix comment parsing with null value by @​goccy in https://github.com/goccy/go-yaml/pull/388

New Contributors

• @​testwill made their first contribution in https://github.com/goccy/go-yaml/pull/380

Full Changelog: goccy/go-yaml@v1.11.0...v1.11.1

v1.11.0: 1.11.0

Compare Source

What's Changed

• Supports dynamically switch encode and decode processing for a given type by @​goccy in https://github.com/goccy/go-yaml/pull/368

Full Changelog: goccy/go-yaml@v1.10.1...v1.11.0

v1.10.1: 1.10.1

Compare Source

What's Changed

• Quote YAML 1.1 bools at encoding time for compatibility with other legacy parsers by @​mumoshu in https://github.com/goccy/go-yaml/pull/354
• Update CI by @​goccy in https://github.com/goccy/go-yaml/pull/364
• Update Go Version by @​goccy in https://github.com/goccy/go-yaml/pull/365
• Don't trim all space characters in SequenceNode.blockStyleString by @​martin-sucha in https://github.com/goccy/go-yaml/pull/361
• Add support of 32-bit architecture by @​ozraru in https://github.com/goccy/go-yaml/pull/350
• Support strings starting with @​ by @​10io in https://github.com/goccy/go-yaml/pull/339

New Contributors

• @​mumoshu made their first contribution in https://github.com/goccy/go-yaml/pull/354
• @​ozraru made their first contribution in https://github.com/goccy/go-yaml/pull/350
• @​10io made their first contribution in https://github.com/goccy/go-yaml/pull/339

Full Changelog: goccy/go-yaml@v1.10.0...v1.10.1

v1.10.0: 1.10.0

Compare Source

What's Changed

• Fix comment option by @​goccy in https://github.com/goccy/go-yaml/pull/349

Full Changelog: goccy/go-yaml@v1.9.8...v1.10.0

v1.9.8: 1.9.8

Compare Source

What's Changed

• ast: append new line at the end of file by @​kurochan in https://github.com/goccy/go-yaml/pull/329
• Fix custom marshaler by @​goccy in https://github.com/goccy/go-yaml/pull/333
• Care map node by @​goccy in https://github.com/goccy/go-yaml/pull/334
• Fix behavior when struct fields conflicted by @​goccy in https://github.com/goccy/go-yaml/pull/335
• scanner: fix position calculation for literal, folded and raw folded strings by @​efd6 in https://github.com/goccy/go-yaml/pull/330

New Contributors

• @​kurochan made their first contribution in https://github.com/goccy/go-yaml/pull/329
• @​efd6 made their first contribution in https://github.com/goccy/go-yaml/pull/330

Full Changelog: goccy/go-yaml@v1.9.7...v1.9.8

v1.9.7: 1.9.7

Compare Source

What's Changed

• Fix resusing process of scanning context by @​goccy in https://github.com/goccy/go-yaml/pull/322
• Fix quoted map key by @​goccy in https://github.com/goccy/go-yaml/pull/328

Full Changelog: goccy/go-yaml@v1.9.6...v1.9.7

v1.9.6

Compare Source

New Features

• Introduce MapKeyNode interface to limit node types for map key ( #​312 )

Fix bugs

• Quote strings with special characters in flow mode ( #​270 )
• typeError implements PrettyPrinter interface ( #​280 )
• Fix incorrect const type ( #​284 )
• Fix large literals type inference on 32 bits ( #​293 )
• Fix UTF-8 characters ( #​294 )
• Fix decoding of unknown aliases ( #​317 )
• Fix stream encoder for insert a separator between each encoded document ( #​318 )

Update

• Update golang.org/x/sys ( #​289 )
• Update Go version in CI ( #​295 )
• Add test cases for missing keys to struct literals ( #​300 )

v1.9.5

Compare Source

New Features

• Add UseSingleQuote option ( #​265 )

Fix bugs

• Preserve defaults while decoding nested structs ( #​260 )
• Fix minor typo in decodeInit error ( #​264 )
• Handle empty sequence entries ( #​275 )
• Fix encoding of sequence with multiline string ( #​276 )
• Fix encoding of BytesMarshaler type ( #​277 )
• Fix indentState logic for multi-line value ( #​278 )

v1.9.4

Compare Source

Fix bugs

• Keep prev/next reference between tokens containing comments when filtering comment tokens ( #​257 )
• Supports escaping reserved keywords in PathBuilder ( #​258 )

v1.9.3

Compare Source

New Features

• Support encoding and decoding time.Duration fields ( #​246 )
• Allow reserved characters for key name in YAMLPath ( #​251 )
• Support getting YAMLPath from ast.Node ( #​252 )
• Support CommentToMap option ( #​253 )

Fix bugs

• Fix encoding nested sequences with yaml.IndentSequence ( #​241 )
• Fix error reporting on inline structs in strict mode ( #​244, #​245 )
• Fix encoding of large floats ( #​247 )

Improve workflow

• Migrate CI from CircleCI to GitHub Action ( #​249 )
• Add workflow for ycat ( #​250 )

github/codeql-action (github/codeql-action)

v2.22.11

Compare Source

v2.22.10

Compare Source

v2.22.9

Compare Source

v2.22.8

Compare Source

v2.22.7

Compare Source

v2.22.6

Compare Source

v2.22.5

Compare Source

v2.22.4

Compare Source

v2.22.3

Compare Source

v2.22.2

Compare Source

v2.22.1

Compare Source

v2.22.0

Compare Source

v2.21.9

Compare Source

v2.21.8

Compare Source

v2.21.7

Compare Source

v2.21.6

Compare Source

v2.21.5

Compare Source

v2.21.4

Compare Source

v2.21.3

Compare Source

v2.21.2

Compare Source

v2.21.1

Compare Source

v2.21.0

Compare Source

v2.20.4

Compare Source

v2.20.3

Compare Source

v2.20.2

Compare Source

v2.20.1

Compare Source

v2.20.0

Compare Source

v2.3.6

Compare Source

v2.3.5

Compare Source

v2.3.4

Compare Source

v2.3.3

Compare Source

v2.3.2

Compare Source

v2.3.1

Compare Source

v2.3.0

Compare Source

v2.2.12

Compare Source

v2.2.11

Compare Source

v2.2.10

Compare Source

v2.2.9

Compare Source

v2.2.8

Compare Source

v2.2.7

Compare Source

v2.2.6

Compare Source

v2.2.5

Compare Source

ossf/scorecard-action (ossf/scorecard-action)

v2.3.1

Compare Source

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1282
  • Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the v4.13.1 release notes

Full Changelog: ossf/scorecard-action@v2.3.0...v2.3.1

v2.3.0

Compare Source

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1270
  • For a full changelist of what this includes, see the v4.12.0 and v4.13.0 release notes
• ✨ Send rekor tlog index to webapp when publishing results by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1169
• 🐛 Prevent url clipping for GHES instances by @​rajbos in https://github.com/ossf/scorecard-action/pull/1225

Documentation

• 📖 Update access rights needed to see the results in code scanning by @​rajbos in https://github.com/ossf/scorecard-action/pull/1229
• 📖 Add package comments. by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1221
• 📖 Add SECURITY.md file by @​david-a-wheeler in https://github.com/ossf/scorecard-action/pull/1250
• 📖 Fix typo in token input docs by @​aabouzaid in https://github.com/ossf/scorecard-action/pull/1258

New Contributors

• @​david-a-wheeler made their first contribution in https://github.com/ossf/scorecard-action/pull/1250
• @​aabouzaid made their first contribution in https://github.com/ossf/scorecard-action/pull/1258

Full Changelog: ossf/scorecard-action@v2.2.0...v2.3.0

v2.2.0

Compare Source

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1192

Scorecard Result Viewer

Thanks to contributions from @​cynthia-sg and @​tegioz at CLOMonitor, there is a new Scorecard Result visualization page at https://securityscorecards.dev/viewer/?uri=<project-url>.

• https://github.com/ossf/scorecard-webapp/pull/406
• https://github.com/ossf/scorecard-webapp/pull/422

As an example, you can see our own score visualized here
Checkout our README to learn how to link your README badge to the new visualization page.

Publishing Results

This release contains two fixes which will improve the user experience when publish_results is true

• Runs that fail our workflow restrictions will fail with a 400 response indicating the problem, instead of a vague 500 status. (https://github.com/ossf/scorecard-action/pull/1156, resolved https://github.com/ossf/scorecard-action/issues/1150)
• Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (https://github.com/ossf/scorecard-action/pull/1191)

Docs

• 📖 Update README to accept fine-grained tokens by @​pnacht in https://github.com/ossf/scorecard-action/pull/1175
• 📖 Update installation instructions to match current GitHub UI by @​joycebrum in https://github.com/ossf/scorecard-action/pull/1153
• 📖 Document the GitHub action workflow restrictions when publishing results. by @​spencerschrock in

New Contributors

• @​bobcallaway made their first contribution in https://github.com/ossf/scorecard-action/pull/1140
• @​pnacht made their first contribution in https://github.com/ossf/scorecard-action/pull/1175

Full Changelog: ossf/scorecard-action@v2.1.3...v2.2.0

v2.1.3

Compare Source

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1111

Bug Fixes

• Invalid SARIF files from a bug in scorecard
  • #​1076, #​1094
• Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner
  • #​1092
• Scorecard action not reporting binary artifacts in the repo
  • #​1116

Full Scorecard Changelog: ossf/scorecard@v4.10.2...v4.10.5

Full Changelog: ossf/scorecard-action@v2.1.2...v2.1.3

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.